Simplify Athena permissions and add List* to include "athena:ListData…

…Catalogs", "athena:ListDatabases", "athena:ListTableMetadata"
data-dot-all · Apr 9, 2024 · a9a1b2e · a9a1b2e
1 parent 4198e3c
commit a9a1b2e
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/backend/dataall/core/environment/cdk/env_role_core_policies/athena.py b/backend/dataall/core/environment/cdk/env_role_core_policies/athena.py
@@ -14,7 +14,10 @@ def get_statements(self, group_permissions, **kwargs):
         statements = [
             iam.PolicyStatement(
                 # sid="ListAthena",
-                actions=['athena:ListWorkGroups', 'athena:ListTagsForResource', 'athena:GetWorkgroup'],
+                actions=[
+                    'athena:List*',
+                    'athena:GetWorkgroup'
+                ],
                 effect=iam.Effect.ALLOW,
                 resources=['*'],
             ),
@@ -23,7 +26,6 @@ def get_statements(self, group_permissions, **kwargs):
                 actions=[
                     'athena:Get*',
                     'athena:BatchGet*',
-                    'athena:List*',
                     'athena:StartQueryExecution',
                     'athena:StopQueryExecution',
                     'athena:CreateNamedQuery',